Comment 3 for bug 723945

Interesting, the commit message quoted here is the commit immediately *before* the one that fixes CVE-2010-4258 (a0b0f58cdd32ab363a600a294ddaa90f0c32de8c vs. 33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177). So I'm guessing someone's import scripts have an off-by-one or someone copy-pasted the wrong sha1 somewhere. Sorry for the confusion here, I thought I was fixing a CVE that had mistakenly gotten attached, but it looks like it's the description that somehow got pulled in from the wrong place, instead.